Commissioner for Patents
Sir:



Applicant (hereinafter "Appellant") hereby appeals the final rejection dated February 7, 2006 
of claims 1, 6, 7, 13, 18, 19 and 25 of the above-identified application. 

REAL PARTY IN INTEREST 
The present application is currently assigned to Avaya Inc. or a subsidiary thereof. Avaya 
Inc. is the real party in interest. 

RELATED APPEALS AND INTERFERENCES 
There are no known related appeals or interferences. 



STATUS OF CLAIMS 
The present application was filed on January 10, 2002, with claims 1-25. Claims 1-25 
remain pending. Claims 1, 2, 8, 13, 14, 20 and 25 are the independent claims. 
Each of claims 1, 6, 7, 13, 18, 19 and 25 stands rejected under 35 U.S.C. §103(a). Claims 2-5,
8-12, 14-17 and 20-24 are allowed. Claims 1, 6, 7, 13, 18, 19 and 25 are appealed.

STATUS OF AMENDMENTS 
There have been no amendments filed subsequent to the final rejection. 

SUMMARY OF CLAIMED SUBJECT MATTER 
Independent claim 1 is directed to a method for providing secure communications between 
two or more end units of a call processing system via a communication switch of the system, where 
each of the end units is coupled between the communication switch and one or more terminals of
the system. An illustrative embodiment of the recited call processing system is shown as system 100 
in FIG. 1, and includes a communication switch in the form of call complex 102. End units 110-1, 
110-2, ... 110-N are coupled between the call complex 102 and respective sets of terminals 112.
More particularly, associated with each of the end units 110-i, i = 1, 2, ... N, is a set of terminals
denoted Extension i01, Extension i02, ... Extension iXX. These extensions correspond generally to
terminal endpoints serviced by the call complex 102, e.g., the call complex 102 can direct incoming 
calls to and receive outgoing calls from these extensions in a conventional manner. See the 
specification at page 4, line 25, to page 5, line 3. 

The recited method includes the step of storing, in a memory associated with the 
communication switch, a plurality of sets of session key lists including a set of session key lists for 
each of the end units. An example of one such set of session key lists stored for a given one of the 
end units 110-1 of system 100 is shown in FIG. 3 of the drawings. The end unit 110-1 is the end
unit having Extension 101, Extension 102, ... Extension 1XX associated therewith, as shown in
FIG. 1, although it should be understood that similar sets of session key lists may be configured for
each of the other end units 110. The set of session key lists for end unit 110-1 as shown in FIG. 3
includes session key lists denoted SKLST[0], SKLST[101], SKLST[102], ... SKLST[1XX]. The
session key list SKLST[0] includes only a single element as shown, while each of the other session
key lists SKLST[101], SKLST[102], ... SKLST[1XX], corresponding to respective terminals
Extension 101, Extension 102, ... Extension 1XX, includes a table of M session keys, 312-1, 312-2,
... 312-XX, respectively. See the specification at page 7, line 23, to page 8, line 16.

The recited method further includes the step of selecting as an end unit to end unit session 
key a session key from a session key list in a given one of the sets of session key lists associated 
with an originating end unit, the selected end unit to end unit session key being utilizable in 
providing secure communications between the originating end unit and at least one other end unit via 
the communication switch. As noted above, an example of a set of session key lists for end unit 
110-1 is shown in FIG. 3, and a session key may be selected from one of the lists in the set of lists
for end unit 110-1 for secure communications with another end unit. See the specification at, for
example, page 11, lines 7-8 and 10-13.
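
The following sketch is an added illustration and is not part of the brief or of the specification. It models the set of session key lists described above (SKLST[0] plus one list of M keys per extension) as stored at the communication switch, with selection from the originating terminal's list and the replenishment recited in claim 5. The class names, the 16-byte key size, M = 4, and the choice that selection pops the key off the stack are all assumptions; the encrypted transfer during the authentication protocol is not modelled.

```python
import secrets
from dataclasses import dataclass, field

KEY_BYTES = 16  # assumed key size; the brief does not state one
M = 4           # assumed value of M (keys per terminal list)


class KeyListExhausted(Exception):
    """Raised when a terminal's list has no session key left to select."""


@dataclass
class SessionKeyListSet:
    """One end unit's set of lists: SKLST[0] plus one stack per extension."""
    first_element: bytes                               # SKLST[0], a single element
    per_terminal: dict = field(default_factory=dict)   # extension -> list used as a stack


class CommunicationSwitch:
    """Stores one SessionKeyListSet per end unit and selects keys from it."""

    def __init__(self):
        self._sets = {}  # end unit id -> SessionKeyListSet

    def store(self, unit_id, key_set):
        # Copy the lists so the switch holds its own state for this end unit.
        self._sets[unit_id] = SessionKeyListSet(
            key_set.first_element,
            {ext: list(keys) for ext, keys in key_set.per_terminal.items()},
        )

    def remaining(self, unit_id, extension):
        return len(self._sets[unit_id].per_terminal[extension])

    def select_session_key(self, unit_id, extension):
        """Select the end-unit-to-end-unit key from the originating terminal's list."""
        key_set = self._sets.get(unit_id)
        if key_set is None:
            raise KeyError(f"no key lists stored for end unit {unit_id}")
        stack = key_set.per_terminal.get(extension)
        if stack is None:
            raise KeyError(f"extension {extension} is not served by end unit {unit_id}")
        if not stack:
            raise KeyListExhausted(f"no session keys left for extension {extension}")
        return stack.pop()  # assumption: a selected key is consumed

    def push_key(self, unit_id, extension, key):
        self._sets[unit_id].per_terminal[extension].append(key)


class EndUnit:
    """Generates its own set of session key lists and supplies it to the switch."""

    def __init__(self, unit_id, extensions):
        self.unit_id = unit_id
        self.extensions = list(extensions)

    def generate_key_lists(self):
        return SessionKeyListSet(
            first_element=secrets.token_bytes(KEY_BYTES),
            per_terminal={
                ext: [secrets.token_bytes(KEY_BYTES) for _ in range(M)]
                for ext in self.extensions
            },
        )

    def replenish(self, switch, extension):
        """After a call completes, add one more key to that terminal's list (claim 5)."""
        key = secrets.token_bytes(KEY_BYTES)
        switch.push_key(self.unit_id, extension, key)
        return key


if __name__ == "__main__":
    unit = EndUnit("110-1", [101, 102])   # constructed sample: two extensions
    switch = CommunicationSwitch()
    switch.store(unit.unit_id, unit.generate_key_lists())
    call_key = switch.select_session_key("110-1", 101)
    print("keys left for 101 during call:", switch.remaining("110-1", 101))
    unit.replenish(switch, 101)
    print("keys left for 101 after call:", switch.remaining("110-1", 101))
```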

The claim further recites that the end units have respective pluralities of terminals associated 
therewith, and that a given one of the end units is configured to provide an interface between its 
associated terminals and the communication switch. As noted previously, such an arrangement is
shown in FIG. 1, where end units 110 have respective pluralities of terminals 112 associated
therewith, and provide interfaces between their respective terminals 112 and the call complex 102.
In addition, the claim recites that a given set of session key lists associated with the originating end
unit comprises session key lists for respective terminals associated with that end unit, and that the
given set of session key lists is generated in the originating end unit and transmitted from the
originating end unit to the communication switch in conjunction with an authentication protocol
carried out between the originating end unit and the communication switch. As described above, an
example of the set of session key lists associated with end unit 110-1 is shown in FIG. 3, and steps
400 and 406 of the flow diagram in FIG. 4 indicate that such a set of session key lists is generated by 
the end unit and sent to the communication switch. See the specification at page 9, lines 1-20. 

Independent claim 13 is an apparatus claim, and recites a memory and processor configured 
to provide operations similar to those described above in the context of claim 1. An example of the
recited apparatus may be call complex 102 as shown in FIG. 2, which includes memory 202 and
processor 200. See the specification at page 6, lines 13-20. 

Independent claim 25 is an article of manufacture claim, directed to a machine-readable 
storage medium storing one or more programs for use in a call processing system such as system 100 
of FIG. 1. Such a machine-readable storage medium may comprise, for example, memory 202 in 
call complex 102 as shown in FIG. 2. See the specification at, for example, page 6, lines 21-26. 

Advantageously, the claimed arrangements in the above-noted illustrative embodiments 
protect a call complex, end units and other elements of a call processing system from Internet 
protocol (IP) spoofing, denial of service, and other attacks, thereby facilitating secure and efficient 
implementation of IP communications within such a system. See the specification at, for example, 
page 3, lines 19-22, and page 18, lines 20-23. 

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 
Claims 1, 6, 7, 13, 18, 19 and 25 are rejected under 35 U.S.C. § 103(a) as being unpatentable
over U.S. Patent Publication No. 2003/0046534 (hereinafter "Alldredge") in view of U.S. Patent No.
6,148,404 (hereinafter "Yatsukawa").

ARGUMENT 
§103(a) Rejection of Claims 1, 6, 7, 13, 18, 19 and 25
Claims 1, 13 and 25

A proper prima facie case of obviousness requires that the cited references when combined 
must "teach or suggest all the claim limitations," and that there be some suggestion or motivation, 
either in the references themselves or in the knowledge generally available to one of ordinary skill in 
the art, to combine the references or to modify the reference teachings. See Manual of Patent 
Examining Procedure (MPEP), Eighth Edition, August 2001, §706.02(j).

Appellant submits that the Examiner has failed to establish a proper prima facie case of 
obviousness in the present § 103(a) rejection of claims 1, 13 and 25, in that the Alldredge and
Yatsukawa references, even if assumed to be combinable, fail to teach or suggest all the claim
limitations, and in that no cogent motivation has been identified for combining the references or for
modifying the reference teachings to reach the claimed invention. Further, even if it is assumed that
a proper prima facie case has been established, there are particular teachings in one or more of the
references which controvert the obviousness argument put forth by the Examiner.

501008-A-Ol-US (Sasmazel)

As indicated previously, each of independent claims 1, 13 and 25 recites an arrangement in
which a given end unit provides an interface between an associated plurality of terminals and a 
communication switch, and specifies that a set of session key lists associated with an originating end 
unit comprises session key lists for respective terminals associated with that end unit. Each of these 
independent claims further specifies that a given set of session key lists is generated in the 
originating end unit and transmitted from the originating end unit to the communication switch in 
conjunction with an authentication protocol carried out between the originating end unit and the 
communication switch.

It is also important to note that the claims call for storing a plurality of sets of session key 
lists including a set of session key lists for each of the end units. As noted previously herein, an 
example of one such set of session key lists stored for a given one of the end units 110-1 of system 
100 is shown in FIG. 3 of the drawings. The end unit 110-1 is the end unit having Extension 101,
Extension 102, ... Extension 1XX associated therewith, as shown in FIG. 1, although it should be
understood that similar sets of session key lists may be configured for each of the other end units
110. The set of session key lists for end unit 110-1 as shown in FIG. 3 includes session key lists
denoted SKLST[0], SKLST[101], SKLST[102], ... SKLST[1XX]. The session key list SKLST[0]
includes only a single element as shown, while each of the other session key lists SKLST[101],
SKLST[102], ... SKLST[1XX], corresponding to respective terminals Extension 101, Extension
102, ... Extension 1XX, includes a table of M session keys, 312-1, 312-2, ... 312-XX, respectively.
See the specification at page 7, line 23, to page 8, line 16. 

Appellant initially notes that certain of the characterizations of Alldredge as proffered by the
Examiner appear to be deficient. For example, as indicated above, the claims in question call for
storing in a memory associated with a communication switch a plurality of sets of session key lists
including a set of session key lists for each of the end units. The Examiner argues that such a
plurality of sets of session key lists, with one set of session key lists for each end unit, and the end
units providing an interface between the switch and respective terminals, is shown in paragraphs
[0024]-[0026], [0059] and [0067] of Alldredge. See the final Office Action at page 2, section 2.
Appellant respectfully submits that this is a mischaracterization of the teachings of Alldredge. The
relied-upon arrangements in Alldredge relate to first and second sequences of encryption key
material, where the first sequence is "provided to an anonymous first user" and the second sequence
is "provided to an encryption server." See Alldredge at paragraph [0023] and FIG. 1. The first and
second sequences of encryption key material are "complementary sequences such that the encryption
key material of the one sequence decrypts encrypted messages that have been encrypted with the
other sequence," and may be "sequences of identical session keys." With reference to FIG. 2 of
Alldredge and paragraph [0077], it is apparent that the first sequence of encryption key material is
stored in a terminal of the system, namely, portable data storage device 25, which is illustratively 
shown as a portable computer. Thus, the first and second sequences relied upon by the Examiner do 
not constitute a plurality of sets of session key lists including a set of session key lists for each of the 
end units, where a given one of the end units provides an interface between the switch and a 
corresponding plurality of terminals. 

In formulating the § 103(a) rejection, the Examiner acknowledges that Alldredge fails to meet
the above-noted limitations relating to generation of a set of session key lists in an end unit and the
transmitting of the set of session key lists from the end unit to the switch, but argues that the
deficiencies of Alldredge are overcome by the teachings in column 5, line 57, to column 6, line 28,
of Yatsukawa. See the final Office Action at page 4, last two paragraphs, to page 5, first paragraph. 
The portions of the Yatsukawa reference relied upon by the Examiner provide as follows: 

FIG. 6 shows a sequence taken when the client A logs into a server B. The processing 
in FIG. 6 is divided into phases (2 and 3) for sharing a session key used for common-key 
enciphering (DES, IDEA and the like), and phases (4, 5 and 6) for performing authentication
processing. The processing sequence is described below. 

1 Client A sends a log-in request to server B. 

2 Based on the log-in request, the server B sends the client A, a public key of the 
server B, random number and the like used for session-key sharing. 

3 Client A generates a session key, enciphers the session key by using the public key 
of the server B and sends it to the server B. When the server B receives the enciphered 
session key, the session key is shared by the client A and server B. In the subsequent 
processing, all messages transferred between the client A and server B are enciphered by the 
session key and transmitted. 

4 Client A sends a public key and user name of the client A to the server B. 

5 The server B verifies that the public key and user name of the client A are 
registered, generates challenge data (random number) for authentication, enciphers the 
challenge data by using A's public key and sends it to the client A.

6 Client A calculates a hash value of the challenge data, and sends the calculated 
value to the server B as challenge-response data. 

7 The server B compares the value of the challenge-response data received in step 6 
with a hash value of the stored challenge data directed to the client A, and if they are the 
same value, the log-in request is granted to the client A, while if they are different, the log-in 
request is rejected. 

An advantage of the SSH scheme is in that since the challenge data changes each 
time, "masquerading" by a third person is impossible even if the third person steals a 
message in the processing sequence 6. However, there is a disadvantage in that, if an 
administrator of the server B changes the client A's public key with ill intention, the 
administrator can "masquerade" as the client A. 

Appellant respectfully submits that the foregoing passage fails to supplement the deficiencies
of Alldredge as applied to the independent claims. For example, it fails to teach or suggest the
claimed generation of a set of session key lists in an originating end unit and transmission of the set 
of session key lists from the originating end unit to the communication switch in conjunction with an 
authentication protocol carried out between the originating end unit and the communication switch. 
In the above-cited passage from Yatsukawa, client A simply establishes a session key with server B 
and then participates in a challenge-response authentication protocol with that same server B. In an 
arrangement of this type, there does not appear to be any need whatsoever for generation or 
transmission of sets of session key lists between entities A and B. 

It is therefore believed that the collective teachings of Alldredge and Yatsukawa fail to meet
the limitations of independent claims 1, 13 and 25, and fail to provide the associated advantages in 
terms of protecting a communication switch and end units from attacks while facilitating secure IP 
communications in a call processing system. 

With regard to motivation to combine the references, the Federal Circuit has stated that when 
patentability turns on the question of obviousness, the obviousness determination "must be based on
objective evidence of record" and that "this precedent has been reinforced in myriad decisions, and
cannot be dispensed with." In re Sang-Su Lee, 277 F.3d 1338, 1343 (Fed. Cir. 2002). Moreover, the
Federal Circuit has stated that "conclusory statements" by an examiner fail to adequately address the 
factual question of motivation, which is material to patentability and cannot be resolved "on 
subjective belief and unknown authority." Id. at 1343-1344. 

The purported objective evidence of motivation to combine, provided by the Examiner at 
page 4, last paragraph, to page 5, first paragraph, of the final Office Action, appears to be conclusory 
in that it fails to indicate with sufficient specificity why or how one skilled in the art would combine 
Alldredge with Yatsukawa to reach the claimed invention. The Examiner relies primarily on the
statement in column 6, lines 21-25, of Yatsukawa, which relates to the use of "challenge data" 
provided by server B to client A in the authentication protocol. However, the claimed invention 
relates to generation of a set of session key lists in an originating end unit and transmission of the set 
of session key lists from the originating end unit to the communication switch in conjunction with an
authentication protocol carried out between the originating end unit and the communication switch.
It is believed that the relied-upon portion of Yatsukawa relating to use of challenge data in a 
challenge-response authentication protocol between two entities fails to motivate the proposed 
combination with Alldredge. 

Appellant also notes that the session key referred to in Yatsukawa is established for use 
between client A and server B. However, the claims indicate that the session keys recited therein are
for respective terminals associated with an end unit, and not session keys established between the
end unit itself and the communication switch. Yatsukawa would therefore seem to require that the
recited originating end unit itself establish a session key with the communication switch, which is 
not what is claimed. Accordingly, the Yatsukawa disclosure actually seems to teach away from the 
claimed invention. Such a teaching away is believed to constitute evidence of non-obviousness 
sufficient to overcome any prima facie case that may have been established. 

It should also be noted in this regard that the Alldredge reference similarly teaches away 
from the claimed invention, by teaching simple session key establishment between terminals of the 
system and an encryption server, without reference to end units that provide an interface between the 
terminals and a communication switch of a call processing system. Arrangements of this type are 
believed to suffer from one or more of the disadvantages noted by Appellant in the background 
portion of the specification. 

Dependent claims 6, 7, 18 and 19 are believed allowable for at least the reasons identified 
above with regard to their respective independent claims, and are also believed to define separately- 
patentable subject matter as outlined below. 

Claims 6 and 18 

Dependent claims 6 and 18 further specify that the set of session key lists for a given one of
the end units is supplied to the communication switch in encrypted form by that end unit as part of
an authentication protocol carried out between that end unit and the communication switch. The
Examiner argues that such an arrangement is met by the teachings in Alldredge at paragraph [0031],
relating to a second sequence provided to an encryption server by a user. See the final Office Action
at page 5, second paragraph. Appellant respectfully disagrees. There is no teaching or suggestion in
the relied-upon portion of Alldredge to the effect that a set of session key lists is supplied from a
given end unit to a switch in encrypted form. The passage in question simply indicates that the
second sequence is "provided to" the encryption server. Accordingly, it is believed that the
proposed combination of Alldredge and Yatsukawa fails to meet the particular limitations of
dependent claims 6 and 18. 

Claims 7 and 19 

Dependent claims 7 and 19 further specify that a first session key element of the set of 
session key lists is utilizable for providing secure communications between the given one of the end 
units and the communication switch subsequent to completion of the authentication protocol. The 
Examiner argues that such an arrangement is met by the teachings in Alldredge at paragraph [0032],
relating to interactions between a user and server 13. See the final Office Action at page 5, third 
paragraph. Appellant respectfully disagrees. This passage does not indicate that a first session key 
element of a set of session key lists is used subsequent to completion of an authentication protocol as 
recited. To the contrary, the passage relates to encryption of a message utilizing the first sequence. 
See paragraph [0033] of Alldredge. Accordingly, it is believed that the proposed combination of
Alldredge and Yatsukawa fails to meet the particular limitations of dependent claims 7 and 19.

In view of the above, Appellant believes that claims 1, 6, 7, 13, 18, 19 and 25 are in
condition for allowance, and respectfully requests the withdrawal of the § 103(a) rejection.



Respectfully submitted,

Date: July 10, 2006

Attorney for Appellant(s)
Reg. No. 37,922
Ryan, Mason & Lewis, LLP
90 Forest Avenue
Locust Valley, NY 11560
(516) 759-7517

CLAIMS APPENDIX

1. In a call processing system, a method for providing secure communications between two
or more end units of the system via a communication switch of the system, each of the end units
being coupled between the communication switch and one or more terminals of the system, the 
method comprising the steps of: 

storing in a memory associated with the communication switch a plurality of sets of 
session key lists including a set of session key lists for each of the end units; 

selecting as an end unit to end unit session key a session key from a session key list in 
a given one of the sets of session key lists associated with an originating end unit, the selected end 
unit to end unit session key being utilizable in providing secure communications between the 
originating end unit and at least one other end unit via the communication switch; 

wherein the end units have respective pluralities of terminals associated therewith, a
given one of the end units being configured to provide an interface between its associated terminals 
and the communication switch; 

wherein the given set of session key lists associated with the originating end unit 
comprises session key lists for respective terminals associated with that end unit; and 

wherein the given set of session key lists is generated in the originating end unit and 
transmitted from the originating end unit to the communication switch in conjunction with an 
authentication protocol carried out between the originating end unit and the communication switch. 

2. In a call processing system, a method for providing secure communications between two
or more end units of the system via a communication switch of the system, the method comprising
the steps of: 

storing in a memory associated with the communication switch a plurality of sets of 
session key lists including a set of session key lists for each of the end units; 

selecting as an end unit to end unit session key a session key from a session key list in 
a given one of the sets of session key lists associated with an originating end unit, the selected end 
unit to end unit session key being utilizable in providing secure communications between the 
originating end unit and at least one other end unit via the communication switch; 

wherein the given one of the sets of session key lists is stored in the form of a data 
structure comprising at least a first session key element and a plurality of stack-based session key 
lists, each of the stack-based session key lists comprising a plurality of session keys associated with 
a particular terminal coupled to the originating end unit. 

3. The method of claim 2 wherein the first session key element is utilizable in providing 
secure communication between the originating end point and the communication switch. 

4. The method of claim 2 wherein the selected session key is selected from a designated one 
of the plurality of stack-based session key lists corresponding to a particular terminal which 
originated the secure communications via the originating end unit.




5. The method of claim 4 wherein upon completion of the secure communications originated 
by the particular terminal, the corresponding originating end unit generates at least one additional 
session key which is added to the stack-based session key list for that terminal and is supplied to the 
communication switch for storage, the additional session key being utilizable in providing 
subsequent secure communications between the originating end unit and at least one other end unit. 

6. The method of claim 1 wherein the set of session key lists for a given one of the end units 
is supplied to the communication switch in encrypted form by that end unit as part of an 
authentication protocol carried out between that end unit and the communication switch. 

7. The method of claim 1 wherein a first session key element of the set of session key lists is 
utilizable for providing secure communications between the given one of the end units and the 
communication switch subsequent to completion of the authentication protocol. 

8. In a call processing system, a method for providing secure communications between two 
or more end units of the system via a communication switch of the system, the method comprising 
the steps of: 

storing in a memory associated with the communication switch a plurality of sets of 
session key lists including a set of session key lists for each of the end units; 

selecting as an end unit to end unit session key a session key from a session key list in
a given one of the sets of session key lists associated with an originating end unit, the selected end 
unit to end unit session key being utilizable in providing secure communications between the 
originating end unit and at least one other end unit via the communication switch; 

wherein a particular one of the session key lists associated with a particular terminal 
coupled to the originating end unit is selected for use in providing secure communications for a call 
originating at the particular terminal. 

9. The method of claim 8 wherein at least one additional terminal coupled to another end 
unit utilizes the selected session key to participate in the call originating at the particular terminal. 

10. The method of claim 9 wherein the additional terminal comprises a corresponding 
destination terminal of the call originating at the particular terminal. 

11. The method of claim 9 wherein the additional terminal comprises an additional terminal
other than a destination terminal of the call, the additional terminal being conferenced into the call 
originating at the particular terminal subsequent to connection of the call to the destination terminal. 

12. The method of claim 11 wherein a new session key is selected from the session key list
associated with the particular terminal after the additional terminal conferenced into the call is 
subsequently dropped from the call. 

13. An apparatus for use in a call processing system for providing secure communications
between two or more end units of the system via a communication switch of the system, each of the 
end units being coupled between the communication switch and one or more terminals of the system, 
the apparatus comprising: 

a memory associated with the communication switch and operative to store a plurality 
of sets of session key lists including a set of session key lists for each of the end units; and 

a processor coupled to the memory, the processor being operative to select as an end 
unit to end unit session key a session key from a session key list in a given one of the sets of session
key lists associated with an originating end unit, the selected end unit to end unit session key being
utilizable in providing secure communications between the originating end unit and at least one
other end unit via the communication switch;

wherein the end units have respective pluralities of terminals associated therewith, a 
given one of the end units being configured to provide an interface between its associated terminals 
and the communication switch; 

wherein the given set of session key lists associated with the originating end unit 
comprises session key lists for respective terminals associated with that end unit; and 

wherein the given set of session key lists is generated in the originating end unit and
transmitted from the originating end unit to the communication switch in conjunction with an
authentication protocol carried out between the originating end unit and the communication switch. 

14. An apparatus for use in a call processing system for providing secure communications
between two or more end units of the system via a communication switch of the system, the 
apparatus comprising: 

a memory associated with the communication switch and operative to store a plurality 
of sets of session key lists including a set of session key lists for each of the end units; and 

a processor coupled to the memory, the processor being operative to select as an end 
unit to end unit session key a session key from a session key list in a given one of the sets of session 
key lists associated with an originating end unit, the selected end unit to end unit session key being 
utilizable in providing secure communications between the originating end unit and at least one 
other end unit via the communication switch; 

wherein the given one of the sets of session key lists is stored in the form of a data 
structure comprising at least a first session key element and a plurality of stack-based session key 
lists, each of the stack-based session key lists comprising a plurality of session keys associated with 
a particular terminal coupled to the originating end unit.

15. The apparatus of claim 14 wherein the first session key element is utilizable in providing
secure communication between the originating end point and the communication switch. 

16. The apparatus of claim 14 wherein the selected session key is selected from a designated 
one of the plurality of stack-based session key lists corresponding to a particular terminal which 
originated the secure communications via the originating end unit. 

17. The apparatus of claim 16 wherein upon completion of the secure communications
originated by the particular terminal, the corresponding originating end unit generates at least one 
additional session key which is added to the stack-based session key list for that terminal and is 
supplied to the communication switch for storage, the additional session key being utilizable in 
providing subsequent secure communications between the originating end unit and at least one other 
end unit. 

18. The apparatus of claim 13 wherein the set of session key lists for a given one of the end 
units is supplied to the communication switch in encrypted form by that end unit as part of an 
authentication protocol carried out between that end unit and the communication switch. 

19. The apparatus of claim 13 wherein a first session key element of the set of session key 
lists is utilizable for providing secure communications between the given one of the end units and 
the communication switch subsequent to completion of the authentication protocol. 

20. An apparatus for use in a call processing system for providing secure communications 
between two or more end units of the system via a communication switch of the system, the 
apparatus comprising: 

a memory associated with the communication switch and operative to store a plurality 
of sets of session key lists including a set of session key lists for each of the end units; and 

a processor coupled to the memory, the processor being operative to select as an end 
unit to end unit session key a session key from a session key list in a given one of the sets of session 
key lists associated with an originating end unit, the selected end unit to end unit session key being 
utilizable in providing secure communications between the originating end unit and at least one 
other end unit via the communication switch; 

wherein a particular one of the session key lists associated with a particular terminal 
coupled to the originating end unit is selected for use in providing secure communications for a call 
originating at the particular terminal. 

21. The apparatus of claim 20 wherein at least one additional terminal coupled to another 
end unit utilizes the selected session key to participate in the call originating at the particular 
terminal. 

22. The apparatus of claim 21 wherein the additional terminal comprises a corresponding 
destination terminal of the call originating at the particular terminal. 

23. The apparatus of claim 21 wherein the additional terminal comprises an additional 
terminal other than a destination terminal of the call, the additional terminal being conferenced into 
the call originating at the particular terminal subsequent to connection of the call to the destination 
terminal. 

24. The apparatus of claim 23 wherein a new session key is selected from the session key list 
associated with the particular terminal after the additional terminal conferenced into the call is 
subsequently dropped from the call. 

25. An article of manufacture comprising a machine-readable storage medium storing one or 
more programs for use in a call processing system for providing secure communications between 
two or more end units of the system via a communication switch of the system, each of the end units 
being coupled between the communication switch and one or more terminals of the system, wherein 
the one or more programs when executed implement the steps of: 

storing in a memory associated with the communication switch a plurality of sets of 
session key lists including a set of session key lists for each of the end units; 

selecting as an end unit to end unit session key a session key from a session key list in 
a given one of the sets of session key lists associated with an originating end unit, the selected end 
unit to end unit session key being utilizable in providing secure communications between the 
originating end unit and at least one other end unit via the communication switch; 

wherein the end units have respective pluralities of terminals associated therewith, a 
given one of the end units being configured to provide an interface between its associated terminals 
and the communication switch; 

wherein the given set of session key lists associated with the originating end unit 
comprises session key lists for respective terminals associated with that end unit; and 

wherein the given set of session key lists is generated in the originating end unit and 
transmitted from the originating end unit to the communication switch in conjunction with an 
authentication protocol carried out between the originating end unit and the communication switch. 
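
Added illustration, not part of the brief or of the application: a minimal Python model of the switch-side key store recited in claims 14 to 24, with one first session key element and one stack of session keys per terminal for each end unit. The class and function names, the 16-byte key length, the default stack depth and the use of a pop to select a key are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass, field

KEY_BYTES = 16  # assumption: the claims do not state a key length


@dataclass
class SessionKeySet:
    """One end unit's set: a first session key element plus one stack per terminal."""
    first_key: bytes                            # end unit <-> switch traffic
    stacks: dict = field(default_factory=dict)  # terminal -> list used as a stack


def build_key_set(terminals, depth=3):
    """End-unit side: generate the set that is supplied to the switch."""
    return SessionKeySet(
        first_key=secrets.token_bytes(KEY_BYTES),
        stacks={t: [secrets.token_bytes(KEY_BYTES) for _ in range(depth)]
                for t in terminals},
    )


class SwitchKeyStore:
    """Switch side: stores one SessionKeySet per end unit and hands out call keys."""

    def __init__(self):
        self.sets = {}

    def register(self, end_unit, key_set):
        # Copy the stacks so the switch's view is independent of the caller's object.
        self.sets[end_unit] = SessionKeySet(
            key_set.first_key, {t: list(s) for t, s in key_set.stacks.items()})

    def select_key(self, end_unit, terminal):
        """Pop the next key from the stack of the terminal that originated the call."""
        stack = self.sets[end_unit].stacks[terminal]
        if not stack:
            raise LookupError(f"no session keys left for {end_unit}/{terminal}")
        return stack.pop()

    def rekey_after_drop(self, end_unit, terminal, current_key):
        """A conferenced-in terminal left the call: select a new key from the same stack."""
        new_key = self.select_key(end_unit, terminal)
        if new_key == current_key:
            raise ValueError("replacement key equals the key already in use")
        return new_key

    def add_key(self, end_unit, terminal, key):
        """Call completed: store the additional key the end unit generated."""
        self.sets[end_unit].stacks[terminal].append(key)
```

An exhausted stack raises `LookupError` rather than reusing a key, so a caller has to replenish through `add_key` before the next call from that terminal.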

EVIDENCE APPENDIX 

None 